PatchSiren

CVE-2017-12235 Cisco CVE debrief

CVE-2017-12235 affects Cisco IOS software for Cisco Industrial Ethernet Switches and is described as a PROFINET denial-of-service vulnerability. It is included in CISA's Known Exploited Vulnerabilities catalog, which makes this a higher-priority remediation item for defenders. The supplied records do not include a CVSS score or deeper technical breakdown, so response should focus on inventory, exposure review, and vendor-directed patching.

Vendor: Cisco
Product: IOS software
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2022-03-03
Original CVE updated: 2022-03-03
Advisory published: 2022-03-03
Advisory updated: 2022-03-03

Who should care

Organizations using Cisco IOS software on Industrial Ethernet Switches, especially environments that rely on PROFINET and any operational technology or industrial network segments where loss of availability could affect production or safety.

Technical summary

The available official records identify a denial-of-service condition in Cisco IOS software for Cisco Industrial Ethernet Switches related to PROFINET handling. No additional exploit details, impact scope, or CVSS score are provided in the supplied corpus. Because the vulnerability appears in CISA KEV, defenders should treat it as an actively exploited issue and prioritize remediation using Cisco's vendor instructions.

Defensive priority

High

Recommended defensive actions

  • Apply updates per vendor instructions.
  • Identify any Cisco Industrial Ethernet Switches running affected IOS software.
  • Prioritize remediation on exposed or mission-critical industrial network assets.
  • Validate whether PROFINET services are present in the affected environment.
  • Monitor affected segments for service interruptions or unexpected device instability during remediation.

Evidence notes

The supplied timeline and source metadata show CVE publication and KEV addition on 2022-03-03, with a due date of 2022-03-24. The source item explicitly marks the issue as a CISA Known Exploited Vulnerability and directs defenders to apply updates per vendor instructions. No CVSS score or additional technical detail is present in the provided corpus.

Official resources

CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2022-03-03, with a remediation due date of 2022-03-24 in the supplied timeline. The CVE and source metadata provided here are the basis for this debrief; no additional un